31 lines
817 B
Nix
31 lines
817 B
Nix
{ config, ... }:
|
|
{
|
|
sops.defaultSopsFile = ./secrets/nginx.yaml;
|
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
|
|
|
# Nginx
|
|
sops.secrets."services/nginx/admin.htpasswd" = {
|
|
mode = "0400";
|
|
owner = config.users.users.nginx.name;
|
|
group = config.users.users.nginx.group;
|
|
};
|
|
sops.secrets."services/nginx/ecchi.htpasswd" = {
|
|
mode = "0400";
|
|
owner = config.users.users.nginx.name;
|
|
group = config.users.users.nginx.group;
|
|
};
|
|
sops.secrets."services/nginx/music.htpasswd" = {
|
|
mode = "0400";
|
|
owner = config.users.users.nginx.name;
|
|
group = config.users.users.nginx.group;
|
|
};
|
|
|
|
# HedgeDoc
|
|
sops.secrets."services/hedgedoc/.env" = {
|
|
mode = "0400";
|
|
owner = config.users.users.hedgedoc.name;
|
|
sopsFile = ./secrets/hedgedoc.env;
|
|
format = "dotenv";
|
|
};
|
|
}
|